Deep Bayesian Image Set Classification: A Defence Approach against Adversarial Attacks

TL;DR

This paper introduces a novel deep Bayesian image set classification method to defend against adversarial attacks, demonstrating superior robustness and performance across multiple datasets and attack scenarios.

Contribution

It is the first to propose an image set based adversarial defense framework utilizing deep Bayesian classification for enhanced security.

Findings

Outperforms existing defense methods on CIFAR-10, MNIST, ETH-80, and Tiny ImageNet.

Effective against various adversarial attack types and perturbation levels.

Robustness is influenced by image size, perturbation magnitude, and the ratio of perturbed images.

Abstract

Deep learning has become an integral part of various computer vision systems in recent years due to its outstanding achievements for object recognition, facial recognition, and scene understanding. However, deep neural networks (DNNs) are susceptible to be fooled with nearly high confidence by an adversary. In practice, the vulnerability of deep learning systems against carefully perturbed images, known as adversarial examples, poses a dire security threat in the physical world applications. To address this phenomenon, we present, what to our knowledge, is the first ever image set based adversarial defence approach. Image set classification has shown an exceptional performance for object and face recognition, owing to its intrinsic property of handling appearance variability. We propose a robust deep Bayesian image set classification as a defence framework against a broad range of adversarial attacks. We extensively experiment the performance of the proposed technique with several voting strategies. We further analyse the effects of image size, perturbation magnitude, along with the ratio of perturbed images in each image set. We also evaluate our technique with the recent state-of-the-art defence methods, and single-shot recognition task. The empirical results demonstrate superior performance on CIFAR-10, MNIST, ETH-80, and Tiny ImageNet datasets.